On Security of a Certificateless Aggregate Signature Scheme

Executive Summary

Aggregate signatures are useful in settings where the signatures on many different messages, generated by many different users, need to be compressed. Very recently, Xiong et al. proposed a certificateless aggregate signature scheme provably secure in the random oracle model under the Computational Diffie-Hellman assumption. Unfortunately, the authors present two kinds of concrete attacks showing that the certificateless aggregate signature scheme of Xiong et al. does not meet the basic requirement of unforgeability.